fix: resolve Copilot SDK custom provider in standalone driver main() #36769
The copilot_sdk_driver.cjs standalone main() was not resolving a custom provider from the AWF reflect data before calling runWithCopilotSDK. In offline+BYOK mode the AWF entrypoint unsets COPILOT_GITHUB_TOKEN, so the SDK client must use a provider config pointing at the AWF API proxy instead of token-based Copilot auth. Without a provider the SDK server rejects the session with "Session was not created with authentication info or custom provider", which then surfaces as an unhandled promise rejection and a hard process exit. Fix: move resolveCopilotSDKCustomProviderFromReflect from copilot_harness.cjs into awf_reflect.cjs (the module that already owns all reflect-data helpers), re-export it from copilot_harness.cjs for backward compatibility, and call it inside copilot_sdk_driver.cjs main() so every standalone driver run resolves and passes the provider before creating the SDK session. Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

🚀 Smoke Pi MISSION COMPLETE! Pi delivered. 🥧

🌑 The shadows whisper... Smoke Codex failed to deliver outputs. The oracle requires further meditation...

🚀 Smoke Gemini MISSION COMPLETE! Gemini has spoken. ✨

🚀 Smoke Antigravity MISSION COMPLETE! Antigravity has spoken. ✨

✅ All tools validated successfully! Agent Container Smoke Test confirms agent container is ready.

💫 TO BE CONTINUED... Smoke Claude failed to deliver outputs! Our hero faces unexpected challenges...

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

Agent Container Tool Check
Result: 12/12 tools available ✅ — PASS

Commit pushed:

✅ GitHub MCP Testing
✅ Web Fetch Testing
✅ File Writing Testing
✅ Bash Tool Testing
❌ Build gh-aw (Failed to download Go toolchain)
Overall status: FAIL

Warning
Firewall blocked 1 domain
The following domain was blocked by the firewall during workflow execution:
network:
  allowed:
    - defaults
    - "localhost"
See Network Configuration for more information.

Smoke test 26922082608: FAIL
✅ Add multi-language Copilot SDK driver samples and wire daily workflows to exercise runtime installs
Overall: FAIL

Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"
See Network Configuration for more information.

Smoke: fix: resolve Copilot SDK custom provider in standalone driver main()

Smoke Test: Claude — PASS (PARTIAL)
Core #1-13: ✅ all passed

💥 Automated smoke test review - all systems nominal!

Warning
Firewall blocked 6 domains
The following domains were blocked by the firewall during workflow execution:
- accounts.google.com
- android.clients.google.com
- clients2.google.com
- contentautofill.googleapis.com
- safebrowsingohttpgateway.googleapis.com
- www.google.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:
network:
  allowed:
    - defaults
    - "accounts.google.com"
    - "android.clients.google.com"
    - "clients2.google.com"
    - "contentautofill.googleapis.com"
    - "safebrowsingohttpgateway.googleapis.com"
    - "www.google.com"
See Network Configuration for more information.

💥 [THE END] — Illustrated by Smoke Claude · opus48 5.9M

- fetchAWFReflect now returns reflectData in success result
- resolveCopilotSDKCustomProviderFromReflect accepts reflectData directly (live data from harness), falling back to file reading only when not provided
- copilot_harness.cjs: fetch reflect data before building childEnv, resolve BYOK provider from live data, fail fast if provider not configured, pass GH_AW_COPILOT_SDK_PROVIDER_BASE_URL to driver subprocess env
- copilot_sdk_driver.cjs: read GH_AW_COPILOT_SDK_PROVIDER_BASE_URL from env, fail immediately if not set (BYOK is the only supported mode)
- tests: add reflectData param coverage, update fetchAWFReflect result assertion

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

…l check
- resolveCopilotSDKCustomProviderFromReflect: use != null instead of 'in' operator so null/undefined reflectData falls back to file reading
- copilot_harness.cjs: capture resolved model from custom provider and inject it as COPILOT_MODEL into driver subprocess env for consistency
- tests: update reflectData:null test to reflect fallback-to-file behavior

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>

…solvedModel Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Done in the latest commits:
|
| // Fallback: read from the persisted reflect file. | ||
| const reflectPath = (options && options.reflectPath) || AWF_REFLECT_OUTPUT_PATH; | ||
| const readFile = (options && options.readFileSync) || fs.readFileSync; | ||
| try { | ||
| const raw = readFile(reflectPath, "utf8"); | ||
| reflectData = JSON.parse(raw); | ||
| } catch (error) { | ||
| const err = /** @type {Error} */ (error); | ||
| logger(`sdk-mode: unable to read custom provider config from ${reflectPath}: ${err.message}`); | ||
| return null; |
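Review bot: the fallback assigns JSON.parse(raw) to reflectData with no shape check, so whatever sits at reflectPath (a stale file from an earlier run, or valid JSON that is not an object) goes on to drive provider resolution. Either verify the parsed value is a non-null object before using it, or drop the file branch and require live reflect data; the catch block only covers read and parse errors.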
Removed in the latest commit — resolveCopilotSDKCustomProviderFromReflect now only accepts live reflectData and returns null (with a log message) when it is not provided. The reflectPath/readFileSync parameters and the file-reading branch are gone. Tests updated accordingly.
…lect Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
Pull request overview
This PR fixes standalone Copilot SDK driver authentication in offline/BYOK mode by ensuring the SDK session is created with an explicit custom provider resolved from live AWF /reflect data (rather than relying on token-based auth that may be unset by the AWF entrypoint).
Changes:
- Resolve and inject a BYOK provider base URL (and model) from live AWF reflect data in the harness, and pass it into runWithCopilotSDK.
- Make the standalone SDK driver require GH_AW_COPILOT_SDK_PROVIDER_BASE_URL and pass a provider config to the SDK session.
- Extend AWF reflect helpers/tests to return and consume parsed reflect payloads directly.
| File | Description |
|---|---|
| actions/setup/js/copilot_sdk_driver.cjs | Requires an injected BYOK provider base URL and passes provider into runWithCopilotSDK. |
| actions/setup/js/copilot_harness.cjs | Fetches live reflect data pre-run, resolves BYOK provider config, injects provider/model into driver env, and fails fast if missing. |
| actions/setup/js/awf_reflect.cjs | Returns parsed reflectData from fetchAWFReflect and adds a live-reflect resolver for SDK custom provider config. |
| actions/setup/js/awf_reflect.test.cjs | Adds coverage for custom-provider resolution and fetchAWFReflect returning parsed reflectData. |
| .changeset/patch-fix-copilot-sdk-provider.md | Publishes a patch changeset describing the fix. |
Copilot's findings
- Files reviewed: 5/5 changed files
- Comments generated: 3
| let model = configuredModel; | ||
| if (!model && Array.isArray(endpoint?.models)) { | ||
| const firstModel = endpoint.models.find(m => typeof m === "string" && m.trim().length > 0); | ||
| model = typeof firstModel === "string" ? firstModel.trim() : ""; | ||
| } |
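Review bot: when configuredModel is empty and endpoint.models holds no non-empty string, model ends as the empty string rather than an explicit missing value. Make that case visible to callers, for example by returning undefined or logging that no model was resolved, and if configuredModel is not already trimmed upstream, trim it the same way the fallback entry is trimmed.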
| let awfReflectData = null; | ||
| if (process.env.AWF_REFLECT_ENABLED === "1") { | ||
| await fetchAWFReflect({ logger: log }); | ||
| const reflectResult = await fetchAWFReflect({ logger: log }); | ||
| if (reflectResult.ok && reflectResult.reflectData) { | ||
| awfReflectData = reflectResult.reflectData; | ||
| } | ||
| } |
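Review bot: when AWF_REFLECT_ENABLED is 1 but reflectResult.ok is false or reflectData is absent, awfReflectData silently stays null at this site; log which of the two conditions failed so a later missing-provider exit can be traced back to the fetch. The extracted lines also show both a bare await fetchAWFReflect({ logger: log }) and the assigned call; confirm the bare call is the removed line so reflect is not fetched twice.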
| const providerBaseUrl = process.env.GH_AW_COPILOT_SDK_PROVIDER_BASE_URL; | ||
| if (!providerBaseUrl) { | ||
| process.stderr.write( | ||
| "[copilot-sdk-driver] error: GH_AW_COPILOT_SDK_PROVIDER_BASE_URL is not set — " + | ||
| "BYOK provider is required; ensure the harness resolved a custom provider from awf-reflect data\n" | ||
| ); | ||
| process.exit(1); | ||
| } | ||
| const provider = /** @type {import("@github/copilot-sdk").ProviderConfig} */ ({ type: "openai", baseUrl: providerBaseUrl }); |
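Review bot: providerBaseUrl is checked only for being non-empty before it becomes baseUrl in the provider config. Since this value decides where the SDK sends model requests, parse it with new URL() and reject anything that is not http or https, or that embeds credentials, before building the provider, using the same exit path as the missing case.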
In offline+BYOK mode the AWF entrypoint unsets COPILOT_GITHUB_TOKEN, so the SDK client must authenticate via a custom provider pointing at the AWF API proxy. copilot_sdk_driver.cjs main() was calling runWithCopilotSDK with no provider, causing the SDK server to reject the session immediately:

This surfaces as an unhandled Node.js promise rejection → exitCode=1, no retries.

Changes

- awf_reflect.cjs — moves resolveCopilotSDKCustomProviderFromReflect here from copilot_harness.cjs. Requires live reflectData passed directly (no file fallback). Returns null with a log message when reflectData is not provided. fetchAWFReflect now returns the parsed reflectData in its success result. Exports both.
- copilot_harness.cjs — fetches AWF reflect data before building the child process env, saves the live reflectData, and resolves the BYOK custom provider from it. Fails immediately (process.exit(1)) if the provider cannot be resolved — BYOK is the only supported mode and retrying a misconfigured environment is pointless. Injects GH_AW_COPILOT_SDK_PROVIDER_BASE_URL and the reflect-resolved COPILOT_MODEL into the driver subprocess environment.
- copilot_sdk_driver.cjs — reads GH_AW_COPILOT_SDK_PROVIDER_BASE_URL from the environment injected by the harness and fails immediately if not set. Passes the resolved provider and model to runWithCopilotSDK. The silent fallback to token-based auth is removed.
- awf_reflect.test.cjs — adds tests covering port-based URL derivation, models_url origin extraction, model endpoint selection, empty endpoint list, live reflectData parameter, and null/undefined reflectData behaviour.
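
The fail-fast check described above for copilot_sdk_driver.cjs, extended from "is it set" to "is it a usable proxy URL". This is an added example, not code from this PR: resolveProviderFromEnv, its reason codes and the allowedHosts option are hypothetical, and the sample URLs are constructed.

```javascript
// Added example, not code from this PR. resolveProviderFromEnv, its reason
// codes and the allowedHosts option are hypothetical names.
const ENV_NAME = "GH_AW_COPILOT_SDK_PROVIDER_BASE_URL"; // variable named in the PR

function resolveProviderFromEnv(env, options = {}) {
  const raw = String(env[ENV_NAME] || "").trim();
  if (!raw) return { ok: false, reason: "missing" };

  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // "api-proxy:10002" parses as a URL whose scheme is "api-proxy:", so a
  // presence check alone would hand the SDK a base URL it cannot use.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "scheme" };
  }
  // Credentials embedded in the URL would leak into any log that prints it.
  if (url.username || url.password) return { ok: false, reason: "credentials" };
  // Optional pin: the caller may know which proxy host the harness resolved.
  const { allowedHosts } = options;
  if (Array.isArray(allowedHosts) && !allowedHosts.includes(url.hostname)) {
    return { ok: false, reason: "host" };
  }
  // Drop query, fragment and trailing slashes so path joins are predictable.
  const baseUrl = url.origin + url.pathname.replace(/\/+$/, "");
  return { ok: true, provider: { type: "openai", baseUrl }, origin: url.origin };
}

// Constructed inputs; the address is a sample, not a value from the PR.
const SAMPLES = [
  "http://172.30.0.30:10002/v1/",
  "api-proxy:10002",
  "http://user:secret@172.30.0.30:10002/v1",
  "",
];

function checkSamples() {
  return SAMPLES.map(value => {
    const result = resolveProviderFromEnv({ [ENV_NAME]: value });
    return result.ok ? result.provider.baseUrl : `rejected:${result.reason}`;
  });
}

console.log(checkSamples());
```

Logging only the returned origin on success keeps the startup message useful without echoing the full value of the variable.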